ISSUE: users cannot login to my site. CAUSE: Firefox and Chrome are sending SHA-256 DIGEST auth, which is MD5 (Safari uses MD5 which is working fine)
Details: - Tomcat 9.0.98 - DIGEST auth using MD5 - has been working for 15+ years just fine. - have read all available Tomcat docs, searched web for answers, etc. Debugging so far: Custom Realm in use purpose of managing auth info, but it otherwise defers to org.apache.catalina.realm.RealmBase. CredentialHandler: eg <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="MD5" /> By instrumenting this realm, I have determined the following: - Firefox and Chrome are sending SHA-256 DIGEST to my server, which is using MD5. Guaranteed failure since wrong digest. - Safari is sending MD5, which works fine - Realm uses standard Thoughts: I would have thought that Tomcat would be replying to a client by advertising the correct algorithm. Possibilities: 1. Tomcat is not properly advising the client that MD5 is required. 2. The spec is somehow deficient so that client and server do not know what is required. 3. The clients (Firefox and Chrome) are doing it wrong. 4. Something needs to be configured that I have not configured. Lloyd Chambers --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
